DNS-Problems in Samba4

samba-ad-dc
dns
samb4
samba-dnsupdate
ucs-4
samba-ad

#1

Problems in Samba4 DNS

It can happen that DNS entries cannot be resolved or updated. This occurs in Active Directory environments with mixed DNS zones, i.e. zones stored both in the legacy pre-Windows-2003 location (CN=MicrosoftDNS,CN=System) and in the DomainDnsZones/ForestDnsZones application partitions. After restarting bind9, the following lines can be found in '/var/log/daemon.log':

Jan 18 20:00:48 ucs-srv1 named[7097]: samba_dlz: pre-W2k3 zone found
Jan 18 20:00:48 ucs-srv1 named[7097]: samba_dlz: Ignoring dnsZone _msdcs.domain.local

The samba_dlz backend of bind9 has found a zone in the legacy container ("pre-W2k3 zone") and, because the same zone name exists in more than one naming context, ignores one of the copies. Records that only exist in the ignored copy are neither served nor updatable, which is the symptom described above.

Analysis

Start by checking which DNS zones exist in the DNS backend, i.e. in Samba/AD, and where each one is stored:

univention-s4search --cross-ncs objectClass=dnsZone dn

It may turn out that, for example, the reverse zone, or only some DNS records (notably the service records), are located under CN=MicrosoftDNS,CN=System,DC=domaene,DC=local instead of the DomainDnsZones/ForestDnsZones partition. They need to be moved to the correct location.

Solution

First of all, create a backup of the DNS subtree in OpenLDAP:

univention-ldapsearch -LLLo ldif-wrap=no -b cn=dns,$( ucr get ldap/base ) >ucs_dns_full.ldif

Then delete the faulty entries from Samba/AD:

ldbedit -H /var/lib/samba/private/sam.ldb --cross-ncs

Without a filter, ldbedit loads the whole directory into the editor; restrict it with the -b option to the legacy CN=MicrosoftDNS,CN=System container so that only the misplaced objects are shown. Samba refuses to delete an object that still has children, so remove the dnsNode records of a misplaced zone before the dnsZone object itself. Because of the replication by the S4 connector, the corresponding entries in OpenLDAP are deleted as well; that is why the backup was created. Re-import the DNS configuration from it:

ldapadd -h localhost -p 7389 -D "cn=admin,$( ucr get ldap/base )" -y /etc/ldap.secret -f ucs_dns_full.ldif

Entries that still exist in OpenLDAP, at least the cn=dns container itself, are reported as "Already exists"; run ldapadd with -c so that it continues past them instead of stopping at the first error. The DNS entries are then replicated into Samba/AD once more, this time to the correct places. After restarting bind9, the log lines mentioned above should no longer appear.
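The analysis step (which objects sit in the legacy container, and which zone names exist in more than one location) and the deletion step (removing the misplaced objects leaf-first) can be checked mechanically before anything is deleted. The script below is an added example and not part of the original article or of UCS/Samba: it parses the DN list that univention-s4search prints, classifies every DN by its storage location, reports zones present in more than one location (the ones samba_dlz ignores), and writes a delete LDIF for ldbmodify. The sample output and the domain name domain.local are constructed for the example.

```python
"""Classify Samba/AD DNS objects by storage location and prepare a
leaf-first delete LDIF for the ones in the legacy container."""
import re
import sys
from collections import defaultdict

# Constructed sample of the LDIF-style output of
#   univention-s4search --cross-ncs "(|(objectClass=dnsZone)(objectClass=dnsNode))" dn
# for a hypothetical domain "domain.local" (not real output from the article).
SAMPLE_OUTPUT = """\
# record 1
dn: DC=domain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=local

# record 2
dn: DC=_msdcs.domain.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=local

# record 3
dn: DC=_msdcs.domain.local,CN=MicrosoftDNS,CN=System,DC=domain,DC=local

# record 4
dn: DC=_ldap._tcp.dc,DC=_msdcs.domain.local,CN=MicrosoftDNS,CN=System,DC=domain,DC=local

# record 5
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=domain,DC=local

# record 6
dn: DC=10,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=domain,DC=local

# returned 6 records
"""


def split_rdns(dn):
    """Split a DN into RDNs, leaving backslash-escaped commas alone."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn)]


def parse_dns(text):
    """Collect the `dn:` values from ldbsearch-style LDIF output;
    folded continuation lines (leading space) are joined."""
    dns, current = [], None
    for line in text.splitlines():
        if current is not None and line.startswith(" "):
            current += line[1:]
            continue
        if current is not None:
            dns.append(current)
            current = None
        if line.startswith("dn: "):
            current = line[4:]
    if current is not None:
        dns.append(current)
    return dns


def location(dn):
    """'legacy' for the pre-W2k3 container CN=MicrosoftDNS,CN=System,
    'partition' for DomainDnsZones/ForestDnsZones, 'other' otherwise."""
    rdns = [r.lower() for r in split_rdns(dn)]
    for i in range(len(rdns) - 1):
        if rdns[i] == "cn=microsoftdns":
            if rdns[i + 1] == "cn=system":
                return "legacy"
            if rdns[i + 1] in ("dc=domaindnszones", "dc=forestdnszones"):
                return "partition"
    return "other"


def zone_name(dn):
    """Zone a dnsZone/dnsNode object belongs to: the DC= RDN directly
    below CN=MicrosoftDNS, lower-cased because DNS names are case-insensitive."""
    rdns = split_rdns(dn)
    for i, rdn in enumerate(rdns):
        if rdn.lower() == "cn=microsoftdns" and i > 0:
            return rdns[i - 1].split("=", 1)[1].lower()
    return None


def analyse(text):
    """Return ({location: [dn, ...]}, [zones stored in more than one location])."""
    by_location, locations_of_zone = defaultdict(list), defaultdict(set)
    for dn in parse_dns(text):
        loc = location(dn)
        by_location[loc].append(dn)
        zone = zone_name(dn)
        if zone:
            locations_of_zone[zone].add(loc)
    duplicates = sorted(z for z, locs in locations_of_zone.items() if len(locs) > 1)
    return dict(by_location), duplicates


def delete_ldif(dns):
    """LDIF for `ldbmodify` removing the given objects, deepest DN first:
    Samba refuses to delete an object that still has children."""
    ordered = sorted(dns, key=lambda d: len(split_rdns(d)), reverse=True)
    return "".join(f"dn: {dn}\nchangetype: delete\n\n" for dn in ordered)


if __name__ == "__main__":
    # First argument: a file with the saved search output; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    by_location, duplicates = analyse(text)
    for dn in by_location.get("legacy", []):
        print("legacy location:", dn, file=sys.stderr)
    for zone in duplicates:
        print("zone present in more than one location:", zone, file=sys.stderr)
    sys.stdout.write(delete_ldif(by_location.get("legacy", [])))  # review before use
```

Save the real search output to a file (search for both dnsZone and dnsNode so the records below a zone are included), run the script on it, and review the generated LDIF; only after the OpenLDAP backup has been taken, feed it to ldbmodify -H /var/lib/samba/private/sam.ldb as a non-interactive alternative to ldbedit (assumed invocation, not from the article).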

